If you’re a typical business owner or computer user, and you have one of these icons on your systems, we need to talk:
New info shows that computers “listening” for Remote Desktop Connection are more of a security risk than previously thought. Now, it’s still reasonably secure to use Remote Desktop within your own network as long as you’re not allowing Remote Desktop connections from the outside.
According to Microsoft Support, all an attacker needs to do is send a specific sequence of codes to a Windows server or other computer waiting for a remote connection. No password needed.
This is in addition to existing knowledge that keeping Remote Desktop/Windows Terminal services open to the outside world is dangerous for other reasons. There are several programs that will automate “cracking” a Windows Terminal server by trying a brute-force attack consisting of thousands of usernames and passwords. Think this is just uber-hacker stuff? Wrong. There are a few dozen youtube videos that will show you the RDP hacking process step-by-step.
We have seen cases where systems are compromised, and neither the business owner nor the “computer guy” knows until we review the firewall logs, look into the reports of unexpected behavior, and reveal the extent of the problem. In many cases these servers are compromised in this manner because the previous IT provider left Remote Desktop Protocol open to the server with a laughably simple administrator password like 000 or password123.
Bottom line is this: Your business (or home) should not have Remote Desktop Connection services listening on the Internet. We have other ways to do all that.
Our clients’ networks are already “locked down” like this.